You've been told repeatedly not to click on suspicious
links, to prevent your computer from being infected with malware and
viruses. But there's a threat you've probably never heard of that can
infect your computer—even without a single click. And lawmakers are
Experts told CNBC that advertisements on
sites can be used by cybercriminals to take over your computer, steal
your identity or access your online bank account. Websites are working
to stop the problem, but these aggressive ads still slip by with
damaging code. These malicious ads, known as malvertisements, contain malware or embedded viruses, which can infect computers without a single click.
"We estimate that last year over 12.4 billion
malicious ad impressions were served," said Craig Spiezle, executive
director and president of Online Trust Alliance, a nonprofit that educates businesses and consumers on security and privacy issues.
Such ad impressions can compromise your computer if your browser has insecure privacy settings, said Curt Wilson, a senior research analyst at cybersecurity company Arbor Networks.
Spiezle testified at a May 15 Senate hearing on malvertising. He told the Senate subcommittee on investigations that malicious ads increased 225 percent between 2012 and 2013, though some tech companies disputed the increase.
During the hearing, lawmakers cited recent examples of
malicious ads reaching consumers. Spiezle said many large companies have
faced malvertising attacks.
"In February of this year, an engineer at a
security firm discovered that advertisements on YouTube served by
Google's ad network delivered malware to visitors' computers. … That
virus was designed to break into consumers' bank accounts and transfer
funds to cybercriminals," said Sen. John McCain, R-Ariz.
YouTube is owned by Google.
And in a statement sent by e-mail, a Google spokesman said, "In
February, we detected ads on YouTube that violated our advertising
policies. We have zero tolerance for these incidents and our teams
quickly took the appropriate actions to resolve this issue."
And according to Google's blog,
Google removed 350 million bad ads in 2013, including disabling ads
from more than 400,000 websites that were hiding malware.
In written testimony, Yahoo
said it "has built a highly sophisticated ad quality pipeline to weed
out advertising that does not meet our content, privacy or security
According to lawmakers, many of the malvertising
attacks can be traced to international cybercriminals, including those
"When law enforcement raided the hideout of a
Russian cybercriminal network, they found calendars marked extensively
with U.S. federal holidays and three-day weekends," McCain said. "These
cybercriminals were not planning Fourth of July picnics, of course, they
were planning to initiate malware attacks when security staffing at the
ad networks would be at their lowest."
Last holiday season, cybercriminals were able to
put malicious ads on Yahoo. McCain said the ads were designed to seize
users' computers to mine for the digital currency bitcoin, which requires large amounts of computer power.
"In just one day, in just one hour, 300,000 users
were exposed to a malicious ad of which 9 percent or 27,000 users were
compromised," Spiezle said about the Yahoo incident.
In a statement e-mailed to CNBC, a Yahoo
spokeswoman said the ad targeted I.P. addresses in the European Union.
"Since then we have expanded our testing program to include greater
geographic and technological diversity and mitigate this kind of
spoofing," she said.
One reason for malvertisements is that Web ad networks
have gotten more complex. A single ad can go through as many as six
intermediaries before reaching websites it appears on, according to
"You have this very complex ecosystem and it
was designed to be very efficient, which it is. It's designed to help
provide very relevant advertising for the consumer, which it achieves,
but also in all the benefits, it's opened its door to be an easy way for
cybercriminals to compromise," Spiezle said.
To help fight the problem, the industry has established
TrustinAds.org. The group, started on May 8, offers consumers
information on how to report malicious ads.
You can also file complaints with the Federal Trade Commission at ftc.gov/complaint. The FTC has brought legal actions for malvertising.
To protect yourself ahead of time, experts advise
installing browser and operating system updates. These patches often
contain critical updates that can stop the malware hidden in ads.
In addition, be sure to check your browser's privacy settings. If you automatically accept all cookies, you could be at risk.
Finally, make sure your antivirus and antimalware
software is up to date. This software can find the malware before it has
a chance to do damage.
—By CNBC's Jennifer Schlesinger.
For more CNBC coverage of cybersecurity, visit HackingAmerica.cnbc.com.